Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty
Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2024-40094, CVE-2024-7254, CVE-2023-50314 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Application Server Liberty CVE-2024-7254
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Application Server Liberty CVE-2024-7254. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protoco...
Security Bulletin: Due to the use of Apache Commons IO, IBM WebSphere eXtreme Scale Liberty Deployment is vulnerable to an Uncontrolled Resource Consumption vulnerability
Summary The YAJSW service is used for registering XSLD services with the operating system. commons-io-2.11.0.jar bundled in YAJSW is vulnerable to CVE-2024-47554. This is fixed in yajsw-stable-13.13. Applying ifix PH65060 will upgrade YAJSW to version 13.13. Vulnerability Details CVEID:CVE-2024-47554...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Cloud Application Business Insights. CVE-2023-50314
Summary Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Cloud Application Business Insights. CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...
Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by IBM Security Verify Governance have multiple vulnerabilities
Summary IBM Security Verify Governance (ISVG) ships with IBM Db2 and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server traditional are vulnerable to cross-site scripting
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, which has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to GraphQL Java
Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, which has been addressed in this bulletin:...
CVE-2024-54181
IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...
CVE-2024-37532
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721...
CVE-2024-22354
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memo...
CVE-2024-35154
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...
Security Bulletin: There are multiple vulnerabilities that can affect IBM Storage Scale System that are now included
Summary There are multiple vulnerabilities, used by IBM Storage Scale System, which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2024-26643 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to page fault...
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Containerized Identity Manager
Summary Multiple security vulnerabilities have been addressed in the update to IBM Security Verify Governance - Containerized Identity Manager component. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improp...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty versions 17.0.0.3 - 24.0.0.5 affect Watson Machine Learning Accelerator on Cloud Pak for Data
Summary Vulnerabilities in IBM WebSphere Application Server Liberty versions 17.0.0.3 - 24.0.0.5 affect several releases of Watson Machine Learning Accelerator on Cloud Pak for Data. They have been fixed in the Watson Machine Learning Accelerator on Cloud Pak for Data 5.0.1 release. Vulnerability Details...
IBM WebSphere Application Server Liberty 21.0.0.2 < 25.0.0.2 DoS (7181925)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a DoS vulnerability as referenced in the 7181925 advisory. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol server...
IBM WebSphere Application Server Liberty 20.0.0.12 < 24.0.0.11 DoS (7173097)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a DoS vulnerability as referenced in the 7173097 advisory. - Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can...
IBM WebSphere Application Server Liberty 20.0.0.6 < 24.0.0.12 DoS (7174997)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a DoS vulnerability as referenced in the 7174997 advisory. - GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of servi...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2024-47535)
Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-45087)
Summary IBM WebSphere Application Server (WAS) is used by IBM Rational ClearQuest server and web components. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects Cloud Pak System [CVE-2024-27270]
Summary Vulnerability in WebSphere Application Server Liberty affects Cloud Pak System WebSphere Application Server (WAS) Patterns. Vulnerability Details CVEID:CVE-2024-27270 DESCRIPTION: IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This...